According to the cyber specialist, Denial of Services (DoS) attacks are on a rapid rise and many of the instigators of these crimes are no longer looking for the thrill of taking down large corporate networks. Instead, this new trend points to “subtle theft” and extortion of smaller networks and individual users who might not notice they are being robbed or disabled.
(A typical DoS attack is when a network is intentionally targeted with an overload of data and then crashes.)
Symantec says that while past attacks were designed to destroy data, today’s attacks are increasingly designed to silently steal for profit without doing noticeable damage.
"Gone are the days when script kiddies used to develop attacks that would cause maximum damage and attract as much attention as possible,” Symantec’s Richard Archdeacon said. "The people behind today's cyber crime are using silent and more targeted methods to steal data and other sensitive information undetected.”
In general, Symantec says, this type of more “under the radar” cyber crime has risen 50 percent in the past year. On that same level, phishing attacks, where cyber thieves try to extract personal identification information from users through fraudulent emails, rose 39 percent, with an estimated 8 million phishing attempts occurring each day.
Bot-related cyber crimes also are on the rise, according to Symantec, which involve hackers taking control of a user’s computer and stealing information, or in many cases, use them as unwitting participants in Dos attacks to bring down targeted networks. These types of bot crimes, Symantec says, average around 1,402 each day.
Symantec research shows that the recent wave of bot-related crimes are located in China due in part to that country’s rise in broadband usage.
The security firm also traced the past year’s computer vulnerabilities and the speed with which organizations were able to patch vulnerable systems. Symantec says that the average amount of time between the announcement of a vulnerability and the release of associated exploit code averaged from 6 days.
Symantec’s Internet Security Threat Report, now in its ninth publishing, covers the six-month period from July 1, 2005 to Dec. 31, 2005.
In the previous report, Symantec cautioned that malicious code for profit was on the rise, and this trend continued during the second half of 2005.